elZiko
Posted June 19, 2008

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2008 at 01:22 PM

Application Version : 4.15.1000
Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type : Complete Scan
Total Scan Time : 00:17:21

Memory items scanned : 666
Memory threats detected : 0
Registry items scanned : 8051
Registry threats detected : 131
File items scanned : 25008
File threats detected : 26

Adware.HotBar/ShopperReports (Low Risk)

Adware.Zango/ShoppingReport

Adware.Tracking Cookie

Combofix:

ComboFix 08-06-16.5 - Fredd 2008-06-19 16:09:15.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1915 [GMT 2:00]
Running from: C:\Users\Fredd\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://nakenprat.com
hxxp://www.nakenprat.com
hxxp://erotiskemodeller.com
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
2008-03-30 10:36 267048 D:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner] C:\Program Files\ASUS\AI Direct Link\AsCmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] D:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] D:\Program Files\Desktop Sidebar\dsidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-05-19 15:34 1271032 D:\Program Files\Steam\Steam.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{7E3A8E0C-E83C-42DC-8813-C06F1A0830A7}"= UDP:D:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{36F0388C-8432-4F26-BCAA-8E786F0BAAAC}"= TCP:D:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{8D2B59AC-E218-4728-87C2-B12AC3EB6DFA}"= D:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe "{80DAC530-398D-4CFE-B044-E5620DEE8786}"= D:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe "{289DA0E9-F30F-4303-9376-BCAAAEA58D19}"= D:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{0A2992B2-D476-4469-8CFA-A645556D4F9F}D:\\program files\\steam\\steamapps\\frd_hgn\\counter-strike source\\hl2.exe"= UDP:D:\program files\steam\steamapps\frd_hgn\counter-strike source\hl2.exe:hl2 "UDP Query User{FA3F0ACB-2D34-4AC8-93F3-EECEDE59E099}D:\\program files\\steam\\steamapps\\frd_hgn\\counter-strike source\\hl2.exe"= TCP:D:\program files\steam\steamapps\frd_hgn\counter-strike source\hl2.exe:hl2 "{99FA9833-C9AE-4F6E-B683-E50313DB24D4}"= UDP:D:\Program 
Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{B7F663AC-F8EF-44BC-B497-3A4C2EA0BFE6}"= TCP:D:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{1420A2A2-E3A8-40EF-BD0D-923B3B980853}"= D:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{2D0BCE8D-3A97-4618-A445-35401B050C6E}D:\\program files\\mozilla firefox\\firefox.exe"= UDP:D:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{C16B1925-56D7-4C46-A710-F4914C695DAD}D:\\program files\\mozilla firefox\\firefox.exe"= TCP:D:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{EDE961DD-6E84-462D-9B43-2B58E5A9CE06}D:\\program files\\steam\\steamapps\\frd_hgn\\counter-strike\\hl.exe"= UDP:D:\program files\steam\steamapps\frd_hgn\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{6572E87C-78D4-4569-828F-C9E4FBDDB2C3}D:\\program files\\steam\\steamapps\\frd_hgn\\counter-strike\\hl.exe"= TCP:D:\program files\steam\steamapps\frd_hgn\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{2F9CE6D0-7DDC-4E50-A527-DDCA4A88C0BF}D:\\program files\\mirc\\mirc.exe"= UDP:D:\program files\mirc\mirc.exe:mIRC "UDP Query User{15181557-C9BD-4FDF-AC75-52CB14D38467}D:\\program files\\mirc\\mirc.exe"= TCP:D:\program files\mirc\mirc.exe:mIRC "{26F2EEC5-668F-453E-81EB-E2F0525E229E}"= TCP:6004|D:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{D0E1BE40-0321-4414-8FBD-66324B8D92F8}"= UDP:D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{8EFEFD5A-CB50-4D74-9E68-3671EF212859}"= TCP:D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{77BD4303-9075-4D68-BA50-9835253C44BF}"= UDP:D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{7021C220-29CF-4B1F-9460-61D716FA1133}"= TCP:D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A6031223-F1EB-4455-9392-C542EE00D090}"= UDP:D:\Program Files\iTunes\iTunes.exe:iTunes 
"{B452EB6B-7DB7-4D88-BCE4-00CDA3F6D1FE}"= TCP:D:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{799332E4-946A-4D67-B7BD-D482A36987F8}D:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable "UDP Query User{CA9043D7-CAEE-4039-83FE-380F701F2FDB}D:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable "{8FA2D91A-FE96-4ADB-9271-73C8A8C641B6}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player "{12817257-2BA5-4A11-A410-E112D9193CBC}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player "{CD68827D-C295-491F-BF64-5F75E9B0535E}"= UDP:D:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{3C205442-3B79-4BBE-A71E-CA49538F6941}"= TCP:D:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{B2A82ED6-A1A4-4D20-B976-51682AE50677}"= UDP:D:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{6DA417C7-F998-40C5-B421-273607840C94}"= TCP:D:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{5BFB9533-F4B3-4A8C-9D1B-A873FA5F216C}"= UDP:D:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{62036CBE-618E-4DBD-9EAC-9CC92A408C3B}"= TCP:D:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{3D85020E-CD0A-473F-B874-5E542BB95962}"= UDP:D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{E9036646-FC31-48D3-AB4B-9506E08B331D}"= TCP:D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "TCP Query User{B35AA534-595A-4594-B173-BEC547557C74}D:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:D:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever "UDP Query User{2A94B1EE-8235-485B-BDFD-745CEFCB15DC}D:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:D:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever "TCP Query User{95863491-59DE-42C5-A114-C587336DE8E1}D:\\program 
files\\amsn\\bin\\wish.exe"= UDP:D:\program files\amsn\bin\wish.exe:Wish Application "UDP Query User{66D4FD5F-DE07-42C5-9E8D-A76320A44E71}D:\\program files\\amsn\\bin\\wish.exe"= TCP:D:\program files\amsn\bin\wish.exe:Wish Application "TCP Query User{F6B7EAA7-9907-4801-A08C-AAD9B5C2E69B}D:\\program files\\google\\google sketchup 6\\sketchup.exe"= UDP:D:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application "UDP Query User{48C91FC7-9B93-4B08-89E9-8B75EECDA034}D:\\program files\\google\\google sketchup 6\\sketchup.exe"= TCP:D:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application "TCP Query User{F2C1EBA9-7B3E-4C07-887C-F4C5BE0B2E7F}D:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= UDP:D:\program files\google\google sketchup 6\layout\layout.exe:LayOut "UDP Query User{BE3D189C-2EE0-471F-B060-505A7BF77A40}D:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= TCP:D:\program files\google\google sketchup 6\layout\layout.exe:LayOut "{867F9D73-15E2-468A-8B19-6608F606998D}"= UDP:D:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{103BBBA7-CE9F-426B-BD19-EC1AC0D45786}"= TCP:D:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-16 18:05] R3 UsbFltr;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys [2005-11-02 10:54] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 10:15] S2 avg8emc;AVG8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [] S2 avg8wd;AVG8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [] S3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-16 
18:05] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-11 16:59] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1951c4be-2382-11dd-93c5-001e8c9a7e73}] \shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d845a9b-239e-11dd-852c-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-19 16:10:49 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-06-19 16:11:19 ComboFix-quarantined-files.txt 2008-06-19 14:11:17 Pre-Run: 7,508,127,744 bytes free Post-Run: 7,499,599,872 bytes free 315

HJT:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:10, on 2008-06-19 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe D:\Program Files\Razer\Copperhead\razerhid.exe D:\Program Files\Analog Devices\Core\smax4pnp.exe D:\Program Files\Analog Devices\SoundMAX\SoundTray.exe C:\Windows\System32\rundll32.exe D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe D:\Program Files\HP\HP Software Update\hpwuSchd2.exe D:\Program Files\MarkAny\ContentSafer\MaAgent.exe C:\Windows\ehome\ehtray.exe D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe D:\Program Files\DAEMON Tools Lite\daemon.exe D:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe D:\Program Files\Razer\Copperhead\razertra.exe D:\Program Files\Razer\Copperhead\razerofa.exe D:\Program Files\aMSN\bin\wish.exe D:\program files\mozilla firefox\firefox.exe D:\Program Files\Sports Interactive\Football Manager 2008\fm.exe C:\Windows\explorer.exe C:\Windows\System32\notepad.exe C:\Windows\system32\SearchProtocolHost.exe D:\Program Files\Trend Micro\HijackThis\test.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/ R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [Launch LCDMon] "D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Copperhead] D:\Program Files\Razer\Copperhead\razerhid.exe O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundTray] D:\Program Files\Analog Devices\SoundMAX\SoundTray.exe O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sMSTray] D:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [MAAgent] D:\Program Files\MarkAny\ContentSafer\MAAgent.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider 'd:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - D:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing) O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing) O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - D:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- D:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 7761 bytes

Can someone take the time to check these?
snippsat Posted 19 June 2008 (edited)

Start HijackThis, run "scan", find these lines, tick them, then press "fix checked".

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

SAS and ComboFix took some gunk with them. Looks good.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Surf safely.

Edited 19 June 2008 by SNIPPSAT
elZiko Posted 19 June 2008 (Author)

> Start HijackThis, run "scan", find these lines, tick them, then press "fix checked".
> O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

They won't go away. I have tried restarting the PC as well.
snippsat Posted 19 June 2008 (edited)

Remember to close the browser before pressing "fix checked". These are leftovers from programs you have deleted; they are not dangerous to have on the system.

Edited 19 June 2008 by SNIPPSAT
r2d290 Posted 19 June 2008

If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of your topic title. E.g.: [SOLVED] Got a virus on my machine

-Surf safely-